1 Overview
This AUP applies to all users of the VirtualText platform including messaging via SMS/MMS, webchat, voice, email, API, and AI agents.
You are responsible for the conduct of all users on your account. Account administrators must ensure that all team members understand and comply with this policy.
You are responsible for all content transmitted through the Service, including content generated by AI agents operating under your playbooks. Automated messaging does not diminish your obligations under this policy or applicable law.
2 SMS/MMS Messaging Compliance
2.1 TCPA (Telephone Consumer Protection Act)
- You must obtain prior express written consent before sending marketing messages.
- You must obtain prior express consent before sending informational or transactional messages.
- You must honor all opt-out requests immediately. VirtualText's system blocks outbound messages to opted-out contacts automatically, but you must not attempt to circumvent this mechanism.
- You must identify yourself in all messages.
- You must include opt-out instructions (e.g., "Reply STOP to unsubscribe") in marketing messages.
- You must not send messages before 8:00 AM or after 9:00 PM in the recipient's local time zone.
- You must maintain records of consent for at least five (5) years.
2.2 10DLC (10-Digit Long Code) Compliance
- All SMS/MMS messaging through VirtualPBX must use 10DLC-registered numbers.
- You must complete TCR (The Campaign Registry) registration through VirtualPBX.
- You must accurately describe your messaging use case during campaign registration.
- Campaign status must be "Approved" before sending messages.
- Phone numbers must be properly assigned to approved campaigns.
- VirtualPBX automatically appends opt-in footers to messages per carrier requirements.
- Misrepresenting your use case during registration may result in campaign suspension and account termination.
2.3 CAN-SPAM Act (Email)
- Commercial email must include a clear and conspicuous unsubscribe mechanism.
- Must include your physical business address.
- Must not use deceptive subject lines or headers.
- Unsubscribe requests must be honored within ten (10) business days.
3 Consent & Opt-In Requirements
3.1 Collecting Consent
- Consent must be clearly and unambiguously obtained.
- Consent must be documented and auditable.
- Pre-checked opt-in boxes do not constitute valid consent.
- Consent obtained for one campaign does not apply to others. VirtualPBX tracks per-campaign consent.
- You must clearly disclose the type and frequency of messages the recipient will receive.
3.2 Opt-Out Handling
- VirtualPBX automatically recognizes STOP, UNSUBSCRIBE, CANCEL, END, and QUIT keywords.
- Opted-out contacts are blocked from all outbound messaging on the relevant campaign.
- You must not manually override opt-out blocks.
- Contacts may opt back in by sending START. This is tracked with a full audit trail.
- You must respond to opt-out requests with a confirmation message.
3.3 Contact Verification
- VirtualText's quarantine system holds messages from unverified contacts.
- You should use verification codes (SMS or email) to confirm contact identity.
- Unverified contacts should not receive marketing messages.
4 Prohibited Content
You must not use the VirtualText platform to create, store, or transmit any of the following content:
- Spam or unsolicited bulk messaging
- Phishing, social engineering, or impersonation
- Malware, viruses, or malicious links
- Content that promotes violence, hatred, or discrimination
- Sexually explicit or pornographic content
- Content that infringes intellectual property rights
- False, misleading, or deceptive content
- Content that violates any applicable law or regulation
- Illegal goods or services promotion
- Multi-level marketing or pyramid schemes
- Fraudulent offers, scams, or get-rich-quick schemes
- Content designed to collect sensitive data deceptively (account numbers, passwords, SSNs)
5 Prohibited Activities
The following activities are strictly prohibited on the VirtualText platform:
- Sending messages to purchased, rented, or scraped contact lists
- Sending messages to contacts who have not provided consent
- Circumventing rate limits, security controls, or access restrictions
- Attempting to access other customers' data or infrastructure
- Reverse engineering, decompiling, or disassembling the Service
- Using the Service to conduct or facilitate DDoS attacks or other network abuse
- Sharing account credentials or API keys with unauthorized parties
- Automated scraping or harvesting of data from the platform
- Using the Service in a way that degrades performance for other customers
- Reselling or sublicensing the Service without written authorization
- Attempting to bypass VirtualText's opt-out enforcement mechanisms
6 AI Agent Responsibilities
- You are responsible for all content your AI agents generate and send.
- Playbooks must not instruct AI agents to engage in any prohibited activity described in this AUP.
- AI agents must not be configured to impersonate real individuals without their consent.
- AI agents must not be configured to provide professional advice (legal, medical, financial) without appropriate disclaimers.
- You must review and monitor AI agent conversations regularly.
- AI agent playbooks must accurately represent your products, services, and policies.
- If an AI agent sends content that violates this AUP, your account may be subject to enforcement action.
7 Healthcare & HIPAA-Specific Requirements
Note: These requirements apply in addition to all other sections of this AUP for customers who transmit Protected Health Information (PHI) through the VirtualText platform.
- Healthcare customers must execute a Business Associate Agreement (BAA) before transmitting Protected Health Information (PHI).
- PHI must only be transmitted through HIPAA-compliant channels.
- AI agent playbooks for healthcare must not be configured to provide medical diagnoses or treatment recommendations.
- You must implement minimum necessary access controls for staff viewing PHI.
- You must report any suspected PHI breach to VirtualPBX within twenty-four (24) hours.
8 API Usage
- API calls are subject to rate limits (default: 100 requests per second per API key).
- You must implement proper error handling and respect rate limit responses (HTTP 429 status codes).
- API keys must be stored securely and never exposed in client-side code.
- Webhook endpoints must validate HMAC-SHA256 signatures.
- You must not use the API to circumvent platform safeguards or compliance controls.
- Automated messaging via API must comply with all TCPA, 10DLC, and CAN-SPAM requirements.
9 Monitoring & Enforcement
VirtualPBX monitors platform usage for compliance with this AUP. Monitoring includes:
- Message volume patterns
- Opt-out rates
- Complaint rates
- Carrier feedback
- Spam reports
We may proactively review messaging patterns that indicate potential violations.
We will not access message content except as required for compliance investigation, security incident response, or with your consent.
10 Enforcement Actions
VirtualPBX may take the following enforcement actions for AUP violations:
Warning
Written notice of the violation and required corrective action.
Throttling
Temporary reduction of messaging throughput.
Suspension
Temporary suspension of messaging capabilities.
Campaign Suspension
Suspension of specific 10DLC campaigns.
Termination
Permanent termination of your account.
Severity of enforcement action depends on: the nature and severity of the violation, whether it was intentional, history of prior violations, and impact on recipients and carriers.
Emergency Suspension: VirtualPBX may suspend your account without prior notice for violations that pose an immediate risk, such as active phishing campaigns or mass spam.
You may appeal enforcement decisions by contacting compliance@virtualpbx.com within fifteen (15) days of the enforcement action.
11 Reporting Violations
To report suspected AUP violations, email abuse@virtualpbx.com. Please include:
- The nature of the suspected violation
- Any relevant message content or screenshots
- Contact information of affected parties
VirtualPBX will investigate all reports promptly and take appropriate action.
12 Changes to This Policy
- VirtualPBX may update this AUP with thirty (30) days' notice.
- Material changes will be communicated via email and in-app notification.
- Continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.
- Current and prior versions of this policy are available upon request.
13 Contact
Compliance Questions
Abuse Reports
General Legal
Mailing Address
VirtualPBX.com, P.O. Box 8351, San Jose, CA 95155